investor advisory group non-compliance with laws and
TRANSCRIPT
Investor Advisory Group
Non-Compliance with Laws and Regulations (NOCLAR)
Appendix A
Comparison of Auditing Standards applicable to Auditing Compliance with Laws and Regulations
Below is a comparison of various auditing standards related to auditing of, and reporting on, compliance with laws and regulations. In addition to these standards, it is important to note that
various ethical standards also apply to and may very well prohibit, disclosure of confidential information discovered during the course of the audit, to anyone other than those who engaged the
auditor. In turn, the auditor may find that certain types of evidence obtained may lead to concerns that could result in the auditor resigning from the engagement, without disclosure of those
concerns and the underlying evidence.
GAO Yellow Book Section 10A of the Securities Exchange Act of 1934
International Auditing Standard PCAOB i AICPA
Applicable Auditing Standards
Government Auditing Standards (“Yellow Book”) 2011 Revision
Generally Accepted Auditing Standards. For audits of public entities, these would be the auditing standards issued by the PCAOB.
ISA 250 Consideration of Laws and Regulations in an Audit of Financial Statements Including Related Conforming Amendments to Other International Standards
AS 2405, Illegal Acts by Clients AU 200, Overall Objectives of the Independent Auditor and the conduct of an Audit in Accordance With Generally Accepted Auditing Standards; AU 240, Consideration of Fraud in a Financial Statement Audit, [SAS No. 122, 128]; AU 250, Consideration of Laws and Regulations in an Audit of Financial Statements, AU 260, The Auditors Communication with those Charged with Governance;
Scope Generally Accepted Governmental Auditing Standards (“GAGAS”) are for “…use by auditors of
Generally Accepted Auditing Standards (“GAAS”) for audits of an issuer.
ISA 250 “…deals with the auditor’s responsibility to consider laws and regulations in an audit of financial
PCAOB Auditing Standards are to be complied with by independent auditors of issuers.ii
Applicable to audits of non issuers whose audits are not subject to oversight by the PCAOB.
government entities and entities that receive government awards and audit organizations GAGAS audits.” GAGAS applies to “…audits of governmental entities, programs, activities, and functions, and of governmental assistance administered by contractors, nonprofit entities, and other nongovernmental entities when the use of GAGAS is required or is voluntarily followed.” [Para 1.04, 1.06] GAGAS incorporate by reference the AICPA Auditing Standards.
statements.”
Ethical Considerations Auditors subject to GAGAS may also be subject to government ethics laws and regulations. [Para. 1.13] “The principle of public interest is fundamental to the responsibilities of auditors and critical in the government environment.” A distinguishing mark of an auditor is acceptance of responsibility to serve the public interest. [Para. 1.15, 1.16] In the government
Does not address International Ethics Standards Board for Accountants (IESBA) issued Responding to Non-Compliance with Laws and Regulations in July 2016. The IESBA develops the Code of Ethics for Professional Accountants. Section 225.2 states: “Non-compliance with laws and regulations (“non-compliance”) comprises acts of omission or commission, intentional or unintentional, committed by a client, or by those charged with governance, by management or by other
Auditors subject to the PCAOB standards are required to follow the PCAOB and SEC independence and ethical standards. As they are required to be licensed CPA’s in the United States, they must also follow the ethical and independence rules and regulations of their applicable state board of accountancy. Many of the state accountancy laws are based on the Uniform Model Accountancy Act. In Section 18 of that Model Act, it states:
Auditors subject to the AICPA Auditing Standards are required to follow the AICPA independence and ethical standards. As they are required to be licensed CPA’s in the United States, they must also follow the ethical and independence rules and regulations of their applicable state board of accountancy.
environment, the public’s right to transparency of governmental information has to be balanced with the proper use of that information. “…many government programs are subject to laws and regulations dealing with the disclosure of information.” “Improperly disclosing any such information to third parties is not an acceptable practice.” {Para. 1.20, 1.21]
individuals working for or under the direction of a client which are contrary to the prevailing laws or regulations.” Section 225.4 states: “A distinguishing mark of the accountancy profession is its acceptance of the responsibility to act in the public interest. Section 225.5 discusses the approach of an auditor that encounters or is made aware of either suspected or actual non-compliance that have a material direct effect on the financial statements as well as those that do not but do involve instances in which “…compliance with which may be fundamental to the operating aspects of the client’s business, to its ability to continue its business, or to avoid material penalties.” Section 225.6 goes on to list several examples of applicable laws and regulations such as those that deal with fraud, bribery, securities markets and trading, data protection, environmental protection and public health and safety. Section 225.7 goes on to state: “Non-compliance may result in
Model Accountancy Act Section 18:
CONFIDENTIAL COMMUNICATIONS
Except by permission of the client for whom a licensee performs services…, a licensee under this Act, shall not voluntarily disclose information communicated to the licensee by the client relating to and in connection with services rendered to the client by the licensee. Such information shall be deemed confidential, provided, however, that nothing herein shall be construed as prohibiting the disclosure of information required to be disclosed by the standards of the public accounting profession in reporting on the examination of financial statements or as prohibiting compliance with applicable laws, government regulations or PCAOB requirements, disclosures in court proceedings, in investigations
fines, litigation or or other consequences for the client that may have a material effect on its financial statements. Importantly, such non-compliance may have wider public interest implications in terms of potentially substantial harm to investors, creditors, employees or the general public.” This ethical standard goes on to set a standard that requires the auditor to understand the matter, address it, communicate it to appropriate people, and document it. The standard notes the auditor cannot simply withdraw from the audit engagement if withdrawal would not result in the auditor achieving the objectives of the standard. In light of the response of management and those charged with governance to communication from the auditor, Section 225.25 the auditor “…shall determine if further action is needed in the public interest.” Section 225.26 goes on to state that one of the
or proceedings under Sections 11 or 12 of this Act, in ethical investigations conducted by private professional organizations, or in the course of peer reviews, or to other persons active in the organization performing services for that client on a need to know basis or to persons in the entity who need this information for the sole purpose of assuring quality control.
The U.S. Supreme Court issued an opinion in United States v. Arthur Young & Co. 465 U.S. 805 (1984). In this case, the court considered whether independent auditor work papers related to income tax accounts should be subject to confidential treatment under a theory of work product immunity. The company being audited had demanded the auditor not provide the work papers to the IRS. The US Supreme Court stated in its opinion: “By certifying the public reports that collectively depict a corporation's financial status, the
factors that will determine if the auditor should take further action is “Whether there is credible evidence of actual or potential substantial harm to the interests of the entity, investors, creditors, employees or the general public.”
independent auditor assumes public responsibility transcending any employment relationship with the client. The independent public accountant performing this special function owes ultimate allegiance to the corporation's creditors and stockholders, as well as to the investing public. This "public watchdog" function demands that the accountant maintain total independence from the client at all times, and requires complete fidelity to the public trust. To insulate from disclosure a certified public accountant's interpretations of the client's financial statements would be to ignore the significance of the accountant's role as a disinterested analyst charged with public obligations.
Standards for GAGAS establishes Requires that each audit of the The auditor considers laws The auditor does not issue a
Financial Statement Audits
requirements for performing financial statement audits in addition to those in the AICPA Auditing Standards including the requirement related to: “c. fraud, noncompliance of laws, regulations, contracts, and grant agreements and abuse,…”iii [Para. 4.02] Auditors performing a GAGAS financial audit should extend the AICPA requirements pertaining to the auditors’ responsibilities for laws and regulations to also apply to consideration of compliance with provisions of contracts or grant agreements. Auditors are not required to detect abuse. However, if auditors become award of abuse that could be quantitatively or qualitatively material to the financial statements or other financial data significant to audit objectives, auditors should apply audit procedures specifically directed ascertain the potential effect on the financial statements or other financial data significant to the
financial statements of an issuer include “…procedures designed to provide reasonable assurance of detecting illegal acts that would have a direct and material effect on the determination of financial statement amounts.” The procedures that must be performed are those that are required by GAAS as established by the PCAOB. If an auditor detects or otherwise becomes aware of information indicating that an illegal act (whether or not perceived to have a material effect on the financial statements of the issuer) has or may have occurred, the auditor shall, in accordance with GAAS; (A)(i) determine whether it is likely that an illegal act has occurred; and (ii) if so, determine and consider the possible effect of the illegal act on the financial statements of the issuer, including any contingent monetary effects, such as fines, penalties, and damages;
It is the responsibility of management, with the oversight of those charged with governance, to ensure that the entity’s operations are conducted in accordance with the provisions of laws and regulations, including compliance with the provisions of laws and regulations that determine the reported amounts and disclosures in an entity’s financial statements. [ISA 250.3] However, the auditor is not responsible for preventing non-compliance and cannot be expected to detect non-compliance with all laws and regulations. [ISA 250.04] The auditor is responsible for obtaining reasonable assurance that the financial statements, taken as a whole, are free from material misstatement, whether due to fraud or error. [ISA 250.05] ISA 250.6 distinguishes the auditor’s responsibilities in relation to compliance with two different categories of laws and regulations as follows: (a) The provisions of those laws
and regulations that are
generally recognized by
auditors to have a direct and
material effect on the
determination of financial
statement amounts. The
auditor considers such laws
or regulations from the
perspective of their known
relation to audit objectives
derived from financial
statements assertions rather
than from the perspective of
legality per se. The auditor's
responsibility to detect and
report misstatements
resulting from illegal acts
having a direct and material
effect on the determination
of financial statement
amounts is the same as that
for misstatements caused
by error or fraud as
described in AS
1001, Responsibilities and
Functions of the
Independent
Auditor.[AS2405.5]
Even when violations of such laws and regulations can have consequences material to the financial statements, the
separate report on
noncompliance in
connection with an audit of
financial statements, other
than as noted for audits
subject to the Yellow Book.
Because of the inherent
limitations described in
paragraph 250.05, an audit
performed in accordance
with GAAS provides no
assurance that all
noncompliance with laws
and regulations will be
detected or that any
contingent liabilities that
result will be disclosed. The overall objectives of the audit of financial statements are to:
a. Obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement , whether due to fraud or error, thereby enabling the auditor to express an opinion in accordance with GAAS and
audit objectives. Auditors may discover that the abuse represents potential fraud or noncompliance with provisions of laws, regulations, contracts, or grant agreements. [Para. 4.08] Laws, regulations, or policies may require auditors to report indications of certain types of fraud, noncompliance with provisions of laws, regulations, contracts, or grant agreements, or abuse to law enforcement or investigatory authorities before performing additional audit procedures. When investigations or legal proceedings are initiated or in process, auditors should evaluate the impact on the current audit. [Para. 4.09]
Section 10A discusses illegal acts and does not address any events beyond an illegal act. Section 10A defines an illegal act as meaning “…an act or omission that violates any law, or any rule or regulation having the force of law.”
and regulations generally recognized to have a direct effect on the determination of material amounts and disclosures in the financial statements such as tax and pension laws and regulations; and (b) Other laws and regulations that do not have a direct effect on the determination of the amounts and disclosures in the financial statements, but compliance with which may be fundamental to the operating aspects of the business, to an entity’s ability to continue its business, or to avoid material penalties (for example, compliance with the terms of an operating license, compliance with regulatory solvency requirements, or compliance with environmental regulations); non-compliance with such laws and regulations may therefore have a material effect on the financial statements In ISA 250.7, differing requirements are specified for each of the above categories of
auditor may not become aware of the existence of the illegal act unless he is informed by the client, or there is evidence of a governmental agency investigation or enforcement proceeding in the records, documents, or other information normally inspected in an audit of financial statements. [AS 2405.6]
Because of the
characteristics of illegal
acts, an audit made in
accordance with PCAOB
auditing standards provides
no assurance that illegal
acts will be detected or that
any contingent liabilities
that may result will be
disclosed. [AS 2405.07]
An audit in accordance with
PCAOB auditing standards
does not include audit
procedures specifically
designed to detect illegal
acts. However, procedures
applied for the purpose of
forming an opinion on the
financial statements may
b. Report on the financial statements, and communicate as required by GAAS. [AU 200.12, AU 250.05]
The objectives of the auditor are to:
a. Obtain sufficient appropriate audit evidence regarding material amounts and disclosures in the financial statements that are determined by the provisions of those laws and regulations generally recognized to have a direct effect on their determination.
b. Perform specified audit procedures that may identify instances of noncompliance with other laws and regulations that may have a material effect on the financial statements and
c. Respond appropriately to noncompliance or
laws and regulations. For the category referred to in paragraph 6(a), the auditor’s responsibility is to obtain sufficient appropriate audit evidence regarding compliance with the provisions of those laws and regulations. For the category referred to in paragraph 6(b), the auditor’s responsibility is limited to undertaking specified audit procedures to help identify non-compliance with those laws and regulations that may have a material effect on the financial statements. Categories of Laws and Regulations The nature and circumstances of the entity may impact whether relevant laws and regulations are within the categories of laws and regulations described in paragraphs 6(a) or 6(b). Examples of laws and regulations that may be included in the categories described in paragraph 6 include those that deal with:
Fraud, corruption and bribery.
Money laundering,
bring possible illegal acts to
the auditor's attention. The
auditor should make
inquiries of management
and the audit
committee1 concerning the
client's compliance with
laws and regulations and
knowledge of violations or
possible violations of laws
or regulations. Where
applicable, the auditor
should also inquire of
management concerning—
The client's policies
relative to the
prevention of illegal
acts.
The use of directives
issued by the client
and periodic
representations
obtained by the
client from
management at
appropriate levels of
authority concerning
compliance with
laws and regulations.
The auditor also obtains
written representations from
management concerning the
absence of violations or
suspected noncompliance with laws and regulations identified during the audit[AU 250.10]
d. Because of the
inherent limitations
described in
paragraph .05, an
audit performed in
accordance with
GAAS provides no
assurance that all
noncompliance with
laws and regulations
will be detected or
that any contingent
liabilities that result
will be disclosed.
Because of the
inherent limitations
described in
paragraph .05, an
audit performed in
accordance with
GAAS provides no
assurance that all
noncompliance with
laws and regulations
will be detected or
that any contingent
liabilities that result
will be disclosed.
Responsibility of the Auditor
terrorist financing and proceeds of crime.
Securities markets and trading.
Banking and other financial products and services.
Data protection.
Tax and pension liabilities and payments.
Environmental protection.
Public health and safety. [ISA 250.A6]
The objectives of the auditor are: (a) To obtain sufficient appropriate audit evidence regarding compliance with the provisions of those laws and regulations generally recognized to have a direct effect on the determination of material amounts and disclosures in the financial statements; (b) To perform specified audit procedures to help identify instances of non-compliance with other laws and regulations that may have a material effect on the financial statements; and (c) To respond appropriately to
possible violations of laws
or regulations whose effects
should be considered for
disclosure in the financial
statements or as a basis for
recording a loss
contingency. (See AS
2805, Management
Representations.) The
auditor need perform no
further procedures in this
area absent specific
information concerning
possible illegal acts. [AS
2405.08]
The Auditor's Response to Detected Illegal Acts
When the auditor concludes, based on information obtained and, if necessary, consultation with legal counsel, that an illegal act has or is likely to have occurred, the auditor should consider the effect on the financial statements as well as the implications for other aspects of the audit. [AS 2405.12]
For those laws and regulations that have a direct and material effect on the determination of amounts and disclosures in financial statements, the auditor’s responsibility is to obtain sufficient appropriate audit evidence regarding material amounts and disclosures ins in financial statements that are determined by the provisions of those laws and regulations (e.g., income taxes. For other laws and regulations, that are fundamental to the operating aspects of the business and its ability to continue its business or necessary to avoid material penalties, the auditor’s responsibility is limited to performing specified audit procedures that may identify noncompliance with those laws and regulations that may have a material effect on the financial statements.iv [AU 250.06, .07]
The Auditors
Consideration of
non-compliance identified or suspected non-compliance with laws and regulations identified during the audit.[ISA 250.11] The Auditors consideration of Compliance with Laws and Regulations The auditor shall obtain sufficient appropriate audit evidence regarding compliance with the provisions of those laws and regulations generally recognized to have a direct effect on the determination of material amounts and disclosures in the financial statements. The auditor shall perform the following audit procedures to help identify instances of non-compliance with other laws and regulations that may have a material effect on the financial statements: (a) Inquiring of management and, where appropriate, those charged with governance, as to whether the entity is in compliance with such laws and regulations; and (b) Inspecting correspondence, if any, with the relevant licensing or regulatory authorities. [ISA 250.14-15]
Compliance
The auditor should obtain a
general understanding of the following:
a. The legal and regulatory
framework applicable to the
entity and the industry or
sector in which the entity operates
b. How the entity is
complying with that framework
The auditor should obtain
sufficient appropriate audit
evidence regarding material
amounts and disclosures in
the financial statements that
are determined by the
provisions of those laws and
regulations generally
recognized to have a direct effect on their determination
The auditor should perform
the following audit
procedures that may identify
instances of noncompliance
with other laws and
regulations that may have a
material effect on the
The auditor shall obtain sufficient appropriate audit evidence regarding compliance with the provisions of those laws and regulations generally recognized to have a direct effect on the determination of material amounts and disclosures in the financial statements. The auditor shall perform the following audit procedures to help identify instances of non-compliance with other laws and regulations that may have a material effect on the financial statements: (a) Inquiring of management and, where appropriate, those charged with governance, as to whether the entity is in compliance with such laws and regulations; and (b) Inspecting correspondence, if any, with the relevant licensing or regulatory authorities. The auditor shall request management and, where appropriate, those charged with governance, to provide written representations that all known instances of non-compliance or suspected non-compliance with
financial statements
a. Inquiring of management
and, when appropriate, those
charged with governance
about whether the entity is in
compliance with such laws and regulations
b. Inspecting
correspondence, if any, with
the relevant licensing or regulatory authorities
In the absence of identified
or suspected noncompliance,
the auditor is not required
to perform audit procedures
regarding the entity’s
compliance with laws and
regulations, other than those
set out in paragraphs.12–
.15of this section and the
requirement in section
580, Written
Representations, related to
requesting written
representations from
management regarding the
entity’s compliance with
laws and regulations.
If the auditor becomes aware
of information concerning
an instance of
laws and regulations whose effects should be considered when preparing financial statements have been disclosed to the auditor. In the absence of identified or suspected non-compliance, the auditor is not required to perform audit procedures regarding the entity’s compliance with laws and regulations, other than those set out above. [ISA 250.13-18] If the auditor suspects there may be non-compliance, the auditor shall discuss the matter, unless prohibited by law or regulation, with the appropriate level of management and, where appropriate, those charged with governance. If management or, as appropriate, those charged with governance do not provide sufficient information that supports that the entity is in compliance with laws and regulations and, in the auditor’s judgment, the effect of the suspected non-compliance may be material to the financial statements, the auditor shall consider the need to obtain legal advice. [ISA 250.20]
noncompliance or suspected
noncompliance with laws
and regulations, the auditor should obtain
a. an understanding of the
nature of the act and the
circumstances in which it has occurred and
b. further information to
evaluate the possible effect
on the financial statements.
[AU 250.12-16]
Additional Responsibilities Established by Law, Regulation or Relevant Ethical Requirements Law, regulation or relevant ethical requirements may require the auditor to perform additional procedures and take further actions. For example, the Code of Ethics for Professional Accountants issued by the International Ethics Standards Board for Accountants (IESBA Code) requires the auditor to take steps to respond to identified or suspected non-compliance with laws and regulations and determine whether further action is needed. Such steps may include the communication of identified or suspected non-compliance with laws and regulations to other auditors within a group, including a group engagement partner, component auditors or other auditors performing work at components of a group for purposes other than the audit of the group financial statements. [ISA A.8]
Reporting on Financial Statement Audits
In addition to the AICPA Auditing Standards, GAGAS has additional requirements related to “....b. reporting on internal control and compliance with provisions of laws, regulations, contracts, and grant agreements;” [Para. 4.17] GAGAS requires auditors to report on compliance with provisions of laws, regulations, contracts, or grant agreements that have a material effect on the financial statements. Auditors report on compliance, regardless of whether or not they identify instances of noncompliance. [Para. 4.19] Auditors should include in a report a description of the scope of the auditors testing of compliance with provisions of laws, regulations, contracts, or grant agreements. Auditors should state in the reports whether the tests they performed provided sufficient, appropriate evidence to support an opinion on compliance with provisions of laws, regulations, contracts, or grant agreements. [Para. 4.20] When performing GAGAS
Under Section 10A, the auditor does not make a report similar to that required by GAGAS. Rather the auditor reports to management and the Board, and if they fail to take timely appropriate action, the auditor must report to the SEC as outlined below. If an auditor detects or otherwise becomes aware of information indicating that an illegal act (whether or not perceived to have a material effect on the financial statements of the issuer) has or may have occurred, the auditor shall, in accordance with GAAS; (B) as soon as practicable, inform the appropriate level of the management of the issuer and assure that the audit committee of the issuer, or the board of directors of the issuer in the absence of such a committee, is adequately informed with respect to illegal acts that have been detected or have otherwise come to the attention of such firm in the course of the audit, unless the illegal act is clearly
Communicating and Reporting of Identified or Suspected Non-Compliance Unless all of those charged with governance are involved in management of the entity, and therefore are aware of matters involving identified or suspected non-compliance already communicated by the auditor,5 the auditor shall communicate, unless prohibited by law or regulation, with those charged with governance matters involving non-compliance with laws and regulations that come to the auditor’s attention during the course of the audit, other than when the matters are clearly inconsequential. If, in the auditor’s judgment, the non-compliance is believed to be intentional and material, the auditor shall communicate the matter with those charged with governance as soon as practicable. If the auditor suspects that management or those charged with governance are involved in non-compliance, the auditor shall communicate the matter to the next higher level of authority at the entity, if it
The auditor should assure
himself that the audit
committee is adequately
informed as soon as
practicable and prior to the
issuance of the auditor's
report with respect to illegal
acts that come to the
auditor's attention. The
auditor need not
communicate matters that
are clearly inconsequential
and may reach agreement in
advance with the audit
committee on the nature of
such matters to be
communicated. The
communication should
describe the act, the
circumstances of its
occurrence, and the effect
on the financial statements.
If senior management is
involved in an illegal act,
the auditor should
communicate directly with
the audit committee. The
communication may be
oral or written. If the
communication is oral, the
auditor should document it.
[AS 2405.17]
If the auditor suspects
noncompliance may exist,
the auditor should discuss
the matter with management
(at a level above those
involved with the suspected
noncompliance, if possible)
and, when appropriate,
those charged with
governance. If management
or, as appropriate, those
charged with governance do
not provide sufficient
information that supports
that the entity is in
compliance with laws and
regulations and, in the
auditor’s professional
judgment, the effect of the
suspected noncompliance
may be material to the
financial statements, the
auditor should consider the
need to obtain legal advice.
Reporting Noncompliance
in the Auditor’s Report on
the Financial Statements
If the auditor concludes that
the noncompliance has a
material effect on the
financial statements, and it
has not been adequately
financial audits, auditors should communicate in the report on internal control over financial reporting and compliance, based on the work performed, (1) significant deficiencies and material weaknesses in internal control; (2) instances of fraud and noncompliance with provisions of laws or regulations that have a material effect on the audit and any other instances that warrant the attention of those charged with governance; (3) noncompliance with provisions of contracts or grant agreements that has a material effect on the audit; and (4) abuse that has a material effect on the audit. [Para. 4.23] GAGAS requires that when the auditor has concluded, based on sufficient and appropriate evidence, that any of the following has occurred, they should include in their report on internal control and compliance the relevant information about:
a. Fraud and noncompliance with provisions of laws and regulations that have a
inconsequential. Response to failure to take remedial action If, after determining that the audit committee of the board of directors of the issuer, or the board of directors of the issuer in the absence of an audit committee, is adequately informed with respect to illegal acts that have been detected or have otherwise come to the attention of the firm in the course of the audit of such firm, the registered public accounting firm concludes that-- (A) the illegal act has a material effect on the financial statements of the issuer; (B) the senior management has not taken, and the board of directors has not caused senior management to take, timely and appropriate remedial actions with respect to the illegal act; and (C) the failure to take remedial action is reasonably expected to warrant departure from a standard report of the auditor, when made, or warrant resignation from the audit engagement;
exists, such as an audit committee or supervisory board. Where no higher authority exists, or if the auditor believes that the communication may not be acted upon or is unsure as to the person to whom to report, the auditor shall consider the need to obtain legal advice. [ISA 250.23-25] If the auditor concludes the identified or suspected non-compliance has a material effect on the financial statements, and has not been adequately reflected in the financial statements, the auditor shall, in accordance with ISA 705, express a qualified opinion or an adverse opinion on the financial statements. [ISA 250.26] If the auditor has identified or suspects non-compliance with laws and regulations, the auditor shall determine whether law, regulation or relevant ethical requirements:the auditor has a responsibility to report the identified or suspected non-compliance to parties outside the entity. (Ref: Para. A2819–A3420) (a) Require the auditor to report
If the auditor concludes that
an illegal act has a material
effect on the financial
statements, and the act has
not been properly accounted
for or disclosed, the auditor
should express a qualified
opinion or an adverse
opinion on the financial
statements taken as a whole,
depending on the materiality
of the effect on the financial
statements. [AS 2405.18]
If the auditor is precluded
by the client from obtaining
sufficient appropriate
evidential matter to evaluate
whether an illegal act that
could be material to the
financial statements has, or
is likely to have, occurred,
the auditor generally should
disclaim an opinion on the
financial statement. If the
client refuses to accept the
auditor's report as modified
for the circumstances, the
auditor should withdraw
from the engagement and
indicate the reasons for
withdrawal in writing to the
audit committee or board of
reflected in the financial
statements, the auditor
should, in accordance with
section 705, Modifications
to the Opinion in the
Independent Auditor’s
Report, express a qualified
or adverse opinion on the
financial statements [AU
250.21]
Reporting Noncompliance
to Regulatory and
Enforcement Authorities
If the auditor has identified
or suspects noncompliance
with laws and regulations,
the auditor should determine
whether the auditor has a
responsibility to report the
identified or suspected
noncompliance to parties
outside the entity.[AU
250.27]
material effect on the financial statements or other financial data significant to the audit objectives and any other instances that warrant the attention of those charged with governance.
b. Noncompliance with provisions of contracts or grant agreements that has a material effect on the determination of financial statement amounts or other financial data significant to the audit objectives; or
c. Abuse that is material, either quantitatively or qualitatively. [Para. 4.25]
When an auditor detects instances of noncompliance or abuse that have an immaterial effect on the financial statements or financial data, but warrant the attention of those charged with governance, the instances should be communicated in
the registered public accounting firm shall, as soon as practicable, directly report its conclusions to the board of directors. Notice to Commission; response to failure to notify An issuer whose board of directors receives a report shall inform the Commission by notice not later than 1 business day after the receipt of such report and shall furnish the registered public accounting firm making such report with a copy of the notice furnished to the Commission. If the registered public accounting firm fails to receive a copy of the notice before the expiration of the required 1-business-day period, the registered public accounting firm shall-- (A) resign from the engagement; or (B) furnish to the Commission a copy of its report (or the documentation of any oral report given) not later than 1 business day following such failure to receive notice. Report after resignation
to an appropriate authority outside the entity. (b) Establish responsibilities under which reporting to an appropriate authority outside the entity may be appropriate in the circumstances. [ISA 250.29]
directors. The auditor may
be unable to determine
whether an act is illegal
because of limitations
imposed by the
circumstances rather than by
the client or because of
uncertainty associated with
interpretation of applicable
laws or regulations or
surrounding facts. In these
circumstances, the auditor
should consider the effect
on his report. [AS 2405.19-
.21]
Disclosure of an illegal act to parties other than the client's senior management and its audit committee or board of directors is not ordinarily part of the auditor's responsibility, and such disclosure would be precluded by the auditor's ethical or legal obligation of confidentiality, unless the matter affects his opinion on the financial statements. The auditor should recognize, however, that in the following circumstances a duty to notify parties outside the client may exist:3 a. When the entity
writing to audited entity officials. If the auditor detects such instances that the auditor determines do not warrant the attention of those charged with governance, the auditors determination as to whether or how to communicate those matters is left up to the judgment of the auditor. [Para. 4.26] Auditors may limit their public reporting to matters that would not compromise investigative or legal proceedings. [Para. 4.27] Auditors should report known or likely fraud, noncompliance with provisions of laws, regulations, contracts, or grant agreements, or abuse directly to parties outside the audited entity when:
a. Entity management fails to satisfy legal or regulatory requirements to report such information to external parties specified in law or regulations, after first reporting this to those
If a registered public accounting firm resigns from an engagement, the firm shall, not later than 1 business day following the failure by the issuer to notify the Commission furnish to the Commission a copy of the report of the firm (or the documentation of any oral report given). Auditor liability limitation No registered public accounting firm shall be liable in a private action for any finding, conclusion, or statement expressed in a report made It has been reported by the press, that From the inception of the 10A reporting requirement in 1996 through May 15, 2003, a total of 29 Section 10A reports were submitted to the SEC. According to SEC officials in 2003, all Section 10A reports from 1996 to 2003 were investigated. Of the 29 SEC registrants named in the reports as of 2003, 10 were the subject of active SEC enforcement investigations, 8 had actions brought against them by the SEC, and 11 reports were closed without formal
reports an auditor change under the appropriate securities law on Form 8-K4 b. To a successor auditor when the successor makes inquiries in accordance with AS 2610, Initial Audits—Communications Between Predecessor and Successor Auditors5 c. In response to a subpoena d. To a funding agency or other specified agency in accordance with requirements for the audits of entities that receive financial assistance from a government agency 3 Auditors may be required, under certain circumstances, pursuant to the Private Securities Litigation Reform Act of 1995 (codified in section 10A(b)1 of the Securities Exchange Act of 1934) to make a report to the Securities and Exchange Commission relating to an illegal act that has a material effect on the financial statements. 4 Disclosure to the Securities
charged with governance. The auditor should report this to the specified parties as soon as practicable after notifying those charged with governance.
b. When management fails to take timely and appropriate steps to respond to known or likely fraud, noncompliance with provisions of laws, regulations, contracts, or grant agreements, or abuse that is like to have a material effect on the financial statements and involves funding received directly or indirectly from a government agency. The auditor should first report the failure to take appropriate action to those charged with governance. If appropriate action is not then taken, the auditor should report the matter to the
action being taken by the SEC.v and Exchange Commission may be necessary if, among other matters, the auditor withdraws because the board of directors has not taken appropriate remedial action. Such failure may be a reportable disagreement on Form 8-K. 5 In accordance with AS 2610, communications between predecessor and successor auditors require the specific permission of the client. [AS 2405.23]
funding agency. [Para. 4.30]
Reporting Confidential Information
If certain pertinent information is prohibited from public disclosure or is excluded from a report due to the confidential or sensitive nature of the information, auditors should disclose in the report that certain information has been omitted and the reason or other circumstances that make the omission necessary. [Para. 4.40]
Does not contain any specific provision for confidential information.
Does not contain any specific provision for confidential information.
Distribution of Audit Reports
GAGAS specifies that audit reports should be distributed to those charged with governance, to the appropriate audited entity officials, and to the appropriate oversight bodies (such as legislative committees) or organizations requiring and arranging for the audit. [Para. 4.45] Governmental agencies often make the audit reports available on their websites.
See above regarding reporting to the board of directors and SEC. There are no reports to the investors of the company when an illegal act has occurred and it is not reported to the SEC. There may also not be a report when the auditor resigns before the auditor has made a determination an illegal act has
The auditor’s report on the financial statements is filed with the SEC and provided to investors and the public. There is no separate report on compliance with laws and regulations.
Penalties for noncompliance
Does not address If the Commission finds that a registered public accounting firm has willfully violated paragraph (3) or (4) of subsection (b) of this section, the Commission may, in addition to entering an order under
Does not address Does not address Does not address
section impose a civil penalty against the registered public accounting firm and any other person that the Commission finds was a cause of such violation.
i Rule 3101 of the PCAOB sets forth that in its standards, the words, must, shall and is required indicate unconditional responsibilities the auditor must fulfill. The word should indicates responsibilities that are presumptively mandatory the auditor must comply with unless the auditor demonstrates that alternative actions he or she followed were sufficient to achieve the objectives. The words may, might, could and other terms describe actions and procedures that the auditor has a responsibility to consider, but may not comply with depending on the circumstances. ii As provided in Section 2 of the Sarbanes-Oxley Act of 2002, the term issuer means an issuer, the securities of which are registered under Section 12 of the Securities Exchange Act of 1934 or tha is required to file
reports pursuant to Section 15(d) , or that files or has filed a registration statement that has not yet become effective under the Securities Act of 1933 and that it has not withdrawn. iii GAGAS states that “Abuse involves behavior that is deficient or improper when compared with behavior that a prudent person would consider reasonable and necessary business practice given the facts and
circumstances. Abuse also includes misuse of authority or position for personal financial interests or those of an immediate or close family member or business associate. Abuse does not necessarily involve fraud, or noncompliance with with provisions of laws, regulations, contracts or grant agreements.” Paragraph 4.07. GAGAS provides examples of fraud and abuse.
iv AICPA AU 250 defines noncompliance as “Acts of omission or commission by the entity, either intentional or unintentional, which are contrary to the prevailing laws or regulations. Such acts include transactions
entered into by, or in the name of, the entity or on its behalf by those charged with governance, management, or employees. Noncompliance does not include personal misconduct (unrelated to the business activities of the entity) by those charged with governance, management, or employees of the entity.”
v See re:The Auditors at: http://retheauditors.com/2012/02/22/are-auditors-reporting-fraud-and-illegal-acts-the-sec-knows-but-isnt-telling/